CloudFlare Tips: Using CloudFlare for your forums

Last week, our CEO Matthew was on a panel at ForumCon in San Francisco. ForumCon attracted forum owners from all over the world and we got to meet a lot of interesting people. Some of the key things we heard was that unlike other types of websites, forums had to have the ability for its members to post comments and connect in real-time. Otherwise, without that, it is hard to run a forum. Because of that, forum owners spend a lot of time having to deal with comment spam and fake accounts to ensure a vibrant community for their members.

We know first hand that running a forum isn't easy. I've run Vbulletin forums in the past. In addition to managing the community, I had to contend with things like spam, malicious attacks and large floods of traffic on a daily basis.

Since CloudFlare offers a protection against forum spammers and attackers and helps your forum stay online even with traffic spikes, I wanted to share some CloudFlare best practices for forum owners.

Before joining CloudFlare

Before you activate CloudFlare, we recommend that you make an announcement to your community. Some topics to include:

You're going to be trying a service called CloudFlare to protect and speed up your forums, which should improve page loading times and sharply reduce the number of active spammers.

Advise your members that they may get a challenge page before they are granted access to the site. Let them know that they can still access the
forum by passing the captcha, and that they can send you a message through the challenge page to request whitelisting of their IP address. Only a small number of your forum members will see the challenge page, but it is always useful to let them know what to expect. (On a side note, the intermittent page is used to stop automated bots from accesing your site).

Let the community members know that the challenge page will appear if there are indications that their machine is infected with a computer virus or malware. The best thing to do is to run an anti-virus scan on
their machine as a precaution.

Let your members know that sometimes there are false positives with the data, but it is most common when the visitor is coming from a shared network like an office, college network or coffee shop. What this means is that although their computer isn't infected, someone else on the same network does have an issue. Your community member should run an anti-virus scan as a precaution. If there is no virus or malware, then they can enter the CAPTCHA to access the forum. The data set will refine over time.

Using CloudFlare Threat Control
Why: Challenged visitors may leave a message for you in your threat control panel requesting IP whitelisting. In addition, you can use the threat control panel to add known IPs, IP ranges, or countries that you want to either block from or trust accessing your forum.

Related:

How CloudFlare stops forum and blog spammers
Are there any other forum platforms that you use in which we should know about? Please let us know in the comments. Also, if you've created a solution and want to share it back to the CloudFlare community, add it to our Wiki.

Over the last few weeks a number of companies have seen their password databases leaked onto the web and found that despite having made some effort to protect them many of the passwords were easily uncovered....

CloudFlare is a service that utilizes proprietary technology to make websites run safer and faster around the world. We currently run 12 data centers (with more on the way) on three continents to provide static content caching, bot filtering and more for all of our users....